Effective: July 5, 2018
Collection of Information
We collect or receive the following types of information in connection with our Sites:
- Information You Provide Directly. You may provide information directly to us in several ways. For example, we may collect information including your name, address, phone number, and email address when you correspond with fTLD or complete an online form.
- Other Information We May Collect. We may collect, either directly or indirectly, certain information about you and the device you use to access the Sites. The collected information may include:
- The type of web browser and operating system you are using;
- Your IP address (which is a number automatically assigned to your computer when you access the internet and can be used to derive your general geographic location);
- The referral URL directing you to one of the Sites; and
- Other navigation data, such as webpages visited, and advertisements viewed or clicked on.
- If enabled, information about the content you view and the features you access on the Sites that we collect using cookies and similar technologies, which may include saving cookies to users’ computers. For further information, please read our Cookie Statement.
- Surveys. We may request information from you via surveys. Participation in these surveys is completely voluntary and you have a choice of whether or not to disclose information to us. Survey information may be used for purposes of marketing our product or service offerings, improving the use of our Sites, and improving our customer service.
- Domain Analysis and Monitoring. We monitor .BANK and .INSURANCE domains on a regular basis to evaluate compliance with our Security Requirements available at fTLD.com/security. As a part of this, we collect information about .BANK and .INSURANCE domains including tags, links, authoritative name servers, implementation and use of DNSSEC and TLS/encryption (including obtaining digital identity certificate information), URL redirection, email authentication information, and use of third-party providers and information about their domains providing services to a .BANK or .INSURANCE domain.
Use of Information
We use the information we collect:
- To provide you with information, services, or communications you request;
- To allow you to participate in our application process;
- To improve the Sites and enhance your experience with the Sites;
- To respond to your requests, questions, and comments;
- To protect our rights and the rights of others, including by enforcing our Terms and Conditions;
- For any other purpose disclosed to you at the time we collect your information, or pursuant to your consent; and
- In combination with other data, to provide and enhance fTLD Services.
Sharing of Information
We may share your information with the following entities:
- Affiliates. We may share your information with our affiliates—companies that control, are controlled by, or are under common control with fTLD.
- Social Media Advertising Networks. We may share information about you with social media networks to allow for the delivery of customized advertising about products or services that you may be interested in. We provide this information to the social media network, so they can deliver ads to the appropriate social media user. The delivery of customized social media ads, and your ability to opt-out of receiving those ads, is governed by the privacy policies of the social media companies who deliver customized ads to you.
- Other Parties When Required by Law, by Internet Corporation for Assigned Names and Numbers (“ICANN”), or as Necessary to Protect Our Services. There may be instances when we disclose your information to other parties to:
- protect the legal rights of the users of the Sites, fTLD and its affiliates;
- protect the safety and security of users of the Sites;
- prevent fraud (or for risk management purposes); or
- comply with or respond to the law or legal process or a request for cooperation by a government entity or by ICANN, whether or not legally required.
- Other Parties in Aggregated Form. We may also share your information with third-parties in an aggregate or non-personally identifiable form.
- Other purposes. To carry out other legitimate business purposes, as well as other lawful purposes about which we will notify you.
- Other Parties in Connection With a Transfer of Assets. If we make a sale or transfer of assets, or are otherwise involved in a merger or transfer, or in the unlikely event of bankruptcy, we may transfer your information to one or more third-parties as part of that transaction, reorganization, or liquidation.
We are required under our agreements with ICANN to offer a WHOIS service with respect to the top-level domains (.BANK and .INSURANCE) for which we are the registry operator. The WHOIS service provides free public query-based access to domain name registration data submitted to our back-end registry services provider by registrars. fTLD is required to offer a “thick” (i.e., more extensive) WHOIS service that includes certain Personal Information associated with the registrants of domain names, including, but not limited to, the name, address, phone number, fax number, and email address of the domain name registrant and the administrative and technical contacts for the domain name (collectively, the “WHOIS Data”). The WHOIS service is available to any user of the internet and, therefore, the WHOIS Data submitted to fTLD’s back-end registry services provider by registrars may be disclosed to third-parties unassociated with fTLD or any of its affiliates.
Your California Privacy Rights
Under the California “Shine the Light” law, CA Civil Code § 1798.83, California residents may opt out of the fTLD’s disclosure of Personal Information to third-parties for their direct marketing purposes. You may choose to opt out of the sharing of your Personal Information with third-parties for marketing purposes at any time by submitting a request to us using the contact details provided at the end in the Contact Information section. It is important to note that this opt-out does not prohibit disclosures made for non-marketing purposes.
Protection of Personal Information
We use reasonable physical, technical, and administrative measures to safeguard Personal Information in our possession against loss, theft, unauthorized use, disclosure, or modification. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while we strive to protect the information we maintain, we cannot ensure or warrant the security of any information that you transmit to us.
Our Sites are not intended for use by children under age 13. We do not knowingly collect or store Personal Information about children under the age of 13. If we learn that we have collected Personal Information from a child under age 13, we will delete that information from our customer database.
International Transfer of Data
For individuals located in the European Union (EU) or participating in activities outside of the US that you have consented to, your personal information may be transferred to countries outside the EU, in particular to the United States. Some non-EU countries are recognized by the European Commission as providing an adequate level of data protection according to EU standards. The full list of these countries is available at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm. For transfers from the EU to countries not considered adequate by the European Commission, we have put in place appropriate and suitable safeguards to protect your personal data and that the transfer of your personal data is in compliance with the requirements and the obligations provided by applicable data protection laws, such as standard contractual clauses adopted by the European Commission as per Articles 45 and 46 of the EU General Data Protection Regulation 2016/679.
Accessing or Changing Your Personal Information and Your Rights
Please note that we may need to retain some Personal Information or other information about you to satisfy our legal and security obligations. For example, some of your information may remain in back-up storage even if you ask us to delete it. In some cases, you may be entitled under local laws to access or object to the processing of information that we hold relating to you.
Where applicable, you have the right to:
- Obtain confirmation as to whether or not your Personal Information is collected and processed by us and to be informed of its content and source, verify its accuracy and request its integration, update or amendment;
- Request the deletion, anonymization or restriction of the processing of your Personal Information processed in breach of the applicable law;
- Object to the processing, in all cases, or your Personal Information;
- Receive an electronic copy of your Personal Information, if you would like to port it to yourself or another recipient; and
- Lodge a complaint with a data protection supervisory authority.
Remember that even after you cancel your account, or if you ask us to delete your Personal Information, copies of some information from your account may remain viewable in some circumstances where, for example, you have shared information with other services. We may also retain backup information related to your account on our servers for some time after cancellation or your request for deletion to comply with applicable law.
Do-Not-Track Signals and Similar Mechanisms
Some web browsers may transmit “do-not-track” signals to the websites with which a user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are aware of them. Because there is currently no industry standard concerning what, if anything, websites should do when they receive such signals, fTLD’s Sites currently do not respond to them. If a final standard is established and accepted, we will reassess how to respond to these signals.
Choice of Law
Write: fTLD Registry Services, LLC, Attn: Legal Counsel, 600 13th Street NW, Suite 400, Washington, DC 20005; or
You have the right to ask us not to process your Personal Information for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third-party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using the contact details provided above.
If you would like to access, review, update, rectify, or delete Personal Information we hold about you, or exercise any other data subject rights (e.g., under the EU General Data Protection Regulation (GDPR)), please send a detailed request to us using the contact details provided above.
 For information on “thick” WHOIS see the following ICANN page: https://www.icann.org/resources/pages/thick-whois-2016-06-27-en.